The Executive Board of the University of Twente has established a new Information Security Policy.
Information security is constantly changing. Therefore, the policies that govern information security needs to be changed accordingly.
Great importance is placed on the availability, integrity and confidentiality of the information provided. This policy establishes how these aspects are guaranteed at the University of Twente. The importance of information security is also reflected in the SURF report ‘Cyber threat assessment’.
The University of Twente complies with the law and therefore handles information about students and staff as carefully as possible. A proactive attitude on the part of each employee is crucial to this, however no more measures are taken than strictly necessary to avoid frustrating the University of Twente’s entrepreneurial and creative nature.
Data security is everyone’s responsibility and constitutes a line responsibility. Managers bear primary responsibility for properly securing data in their department/unit. All information systems are classified on the aspects Availability, Integrity and Reliability. This classification determines the level of security measures.
The responsibilities of all officials involved will be described, in particular those of the Security Officer, Security Manager, System Custodians and managers. The importance of regularly drawing attention to security risks and measures will be detailed further. The role of CERT-UT (Computer Emergency Response Team of the University of Twente) is laid down.
The appendices detail relevant legislation, provide an overview of the other policy documents and codes of conduct in the area of information security and formulate the security rules (operational guidelines).